apache/dolphinscheduler

[Feature][API] Logs support blocking database passwords or sensitive configurations such as S3/OSS access-key and secert-key

Open

#17398 opened on Aug 6, 2025

View on GitHub
 (2 comments) (0 reactions) (0 assignees)Java (11,659 stars) (4,324 forks)batch import
featurehelp wantedpriority:middle

Description

Search before asking

  • I had searched in the issues and found no similar feature requirement.

Description

No response

Use case

No response

Related issues

No response

Are you willing to submit a PR?

  • Yes I am willing to submit a PR!

Code of Conduct

Contributor guide

Tech stack
java
Domain
backendsecurity
Issue type
security
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
half day
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
fresh
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
needs investigation
Prerequisites
Javalogging framework (Logback/Log4j)
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
40
Research direction
Investigate the current logging configuration in Apache DolphinScheduler, focusing on how database passwords and S3/OSS access keys are logged. Look for patterns where sensitive configuration values are printed without masking. Propose a solution such as adding a custom log filter or using placeholder replacement. Review the codebase for existing security practices. The issue has no maintainer response yet, so first confirm if this is a desired feature.